When I installed Arch a while ago (a year?) I was pretty sure I added a firewall. However, now when I issue the "iptables" or "iptables -nvL" command it says "command not found". I don't recall what front end I (supposedly) installed. I did change to systemd in the meantime; maybe that is what caused it to go AWOL.
It was not crucial because I am behind a router, but now that my son is punching holes in the router firewall for his games, I'd like to fix this situation.
A couple of things confuse me. If iptables is part of the kernel then I shouldn't have to install it, right? But then it should respond to "iptables -nvL" I would think.
Also, I wonder if I have a front end even if there is no iptables. I did try "pacman -Qs firewall" and got nothing. Also, when I did "pacman -Ss firewall" I found a few front ends like shorewall and ufw, but no iptables.
Last edited by PaulBx1 (2012-10-25 02:07:09)
It makes me curious as to why you did not do "pacman -Ss iptables"?
Guess I just assumed the description for iptables would have "firewall" in it. Silly me.
Well, I must have been hallucinating that I had a firewall before. Anyway, there is none now that I can tell ("systemctl" does not display anything having to do with firewalls or iptables either). So, I suppose I will just install a firewall and front end as if I never had...
I imagine the situation with iptables is similar to udev. Support for it is built into the kernel but you still need to install a userspace program in order to take advantage of it.
Well, yeah, iptables and Netfilter are part of the kernel, but you configure them with userspace tools.
You had it right: you tell what rules are configured with the command "iptables -nvL".
Personally, I love the arno-iptables-firewall script that is in the AUR. It makes it very easy to do NAT, port forwarding, and everything you would ever want. It also makes very secure rules to prevent all kinds of attacks. I really could not do a better job myself. I found that basically all the GUI "firewall" iptables configuration programs only set very basic rules.
This is the systemd unit file I use to start/stop:

[Unit]
Description=Arno iptables firewall

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/arno-iptables-firewall start
ExecStop=/usr/sbin/arno-iptables-firewall stop

[Install]
WantedBy=multi-user.target
You configure it by editing /etc/arno-iptables-firewall/firewall.conf
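As an added example (not from any post in this thread, and not part of arno-iptables-firewall): a small POSIX shell script covering the two things the thread turns on. firewall_status reports whether the iptables userspace binary is installed and whether the kernel currently has any ip_tables tables loaded, which is the check the original question needed (netfilter being in the kernel does not mean the iptables tool is present or that any rules are active). baseline_rules emits a minimal iptables-restore ruleset for a desktop behind a home router: default DROP inbound, loopback and established traffic allowed, plus explicit openings only for the ports passed on the command line (the game ports 27015 and 25565 in the usage are placeholders). The Arch specifics assumed here are that the iptables package ships an iptables.service unit that loads /etc/iptables/iptables.rules; confirm with "pacman -Ql iptables" before relying on them.

```shell
#!/bin/sh
# Added example, not from the thread. Port numbers and the Arch paths
# mentioned in comments are assumptions; verify them on your own system.

# Report the userspace and kernel side separately. The kernel carries
# netfilter, but listing or changing rules needs the iptables binary,
# which on Arch comes from the "iptables" package.
firewall_status() {
    if command -v iptables >/dev/null 2>&1; then
        echo "iptables binary: $(command -v iptables)"
    else
        echo "iptables binary: missing (pacman -S iptables)"
    fi
    # /proc/net/ip_tables_names lists tables the running kernel has loaded.
    # It only exists once the ip_tables module is in use, so its absence
    # means no iptables rules can be active right now.
    if [ -r /proc/net/ip_tables_names ]; then
        echo "loaded tables: $(tr '\n' ' ' < /proc/net/ip_tables_names)"
    else
        echo "loaded tables: none (ip_tables module not loaded)"
    fi
}

# Emit an iptables-restore ruleset on stdout. Arguments are ports to open,
# written as tcp:PORT or udp:PORT. All arguments are validated before any
# output is written, so a typo never produces a half-written rules file.
baseline_rules() {
    for spec in "$@"; do
        case "$spec" in
            tcp:*|udp:*) ;;
            *) echo "baseline_rules: bad spec '$spec' (use tcp:PORT or udp:PORT)" >&2; return 1 ;;
        esac
        port=${spec#*:}
        case "$port" in
            ''|*[!0-9]*) echo "baseline_rules: bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "baseline_rules: port out of range in '$spec'" >&2
            return 1
        fi
    done

    printf '%s\n' '*filter'
    # Default policies: drop anything inbound that is not explicitly allowed,
    # do not route for others (FORWARD), allow all outbound.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened, and related traffic (FTP data,
    # ICMP errors), are allowed; malformed state is dropped early.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    # One rule per requested port; only NEW connections need a rule because
    # the ESTABLISHED,RELATED line above already covers the rest of the flow.
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Usage (as root, after pacman -S iptables). The ports are placeholders:
#   firewall_status
#   baseline_rules tcp:27015 udp:27015 tcp:25565 > /etc/iptables/iptables.rules
#   iptables-restore --test < /etc/iptables/iptables.rules   # parse only
#   iptables-restore < /etc/iptables/iptables.rules
#   systemctl enable --now iptables.service                   # reload at boot
#   iptables -nvL                                             # confirm
```

Holding the whole ruleset in one iptables-restore file, rather than issuing individual iptables commands, means the rules are applied atomically and the same file is what the boot-time unit reloads, so what you see in "iptables -nvL" after a reboot is exactly what you tested. The "--test" run parses the file without committing it, which catches syntax errors before you lock yourself out of a remote box.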